Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!viusys!uxui!unislc!harem!wes
From: wes@harem.clydeunix.com (Wes Peters)
Newsgroups: comp.os.minix
Subject: Re: MINIX Security
Summary: uid in process table?
Message-ID: <183@harem.clydeunix.com>
Date: 8 Apr 91 14:34:53 GMT
References: <47976@nigel.ee.udel.edu>
Organization: Raxco, Inc., Orem, UT
Lines: 20

In article , dfs@doe.carleton.ca (David F. Skoll) writes:
> In principle, MINIX security should be easy to break.  I've only had
> my system for a couple of days, and have just glanced at the code, but
> it seems that since the hardware (my PC-XT) does not have memory protection,
> it should be possible to write an assembler program which hunts around for
> the kernel's process table, figures out what's where, and manually changes
> its uid to 0.  Practically, this might be quite messy.

Isn't the process uid in the uarea?  This should be pretty easy to find;
just look at the code that implements fork(2).  Of course, on the 808[68]
the uarea might not be in your default data segment, but not everything
can be easy, right?

	Wes Peters
--
#include                                | The worst day sailing
My opinions, your screen.               | is much better than
Raxco had nothing to do with this!      | the best day at work.
Wes Peters: wes@harem.clydeunix.com   uunet!viusys!uxui!unislc!harem!wes